Avaya Global Privacy Office

Avaya Global Affiliates:

HIPAA:

If you have any questions or concerns regarding the privacy of medical data, please contact us at medicalprivacy@avaya.com

Website Privacy Statement

Avaya is solving the challenges of digital transformation with innovative solutions that deliver world-class experiences and safeguard your personal data.

Your privacy is important to Avaya. We have prepared this website privacy statement ("Website Privacy Statement") to disclose how Avaya Inc. (4655 Great America Parkway, Santa Clara, CA 95054-1233, USA) or its respective worldwide affiliate / subsidiary[1](“Avaya”) processes personal information about individuals (i.e., data that identifies or may be used to identify an individual) ("Personal Data"), including general information: (i) what categories of Personal Data is collected; (ii) for what purposes Personal Data is collected; (iii) from what sources Personal Data is collected; (iv) with what categories of third parties Personal Data is shared and; (v) what choices regarding collected Personal Data individuals have and how they can exercise their rights, etc.

This Website Privacy Statement covers our main website www.avaya.com and certain other websites directly linking into this Website Privacy Statement (“Website”) to the extent such websites do not have stand-alone privacy statements. Additional information on the processing of Personal Data may be disclosed in the notice provided to you prior to Personal Data collection – in such event such notice will supplement and prevail over this Website Privacy Statement.

Processing of Personal Data

In order to conduct global business in this increasingly electronic economy, the collection and use of Personal Data is often necessary and desirable for businesses and individuals involved. It is Avaya's goal to balance the benefits of our and our customers' business with the right of individuals as regards their Personal Data.

What Categories of Personal Data May Be Collected Through the Website?

internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding your interaction with a Website;

electronic, visual, or similar information;

education and employment-related information;

inferences drawn from any of the information identified above to reflect your preferences, etc.

For What Purposes May Personal Data Be Collected Through the Website?

Personal Data collected through our Website will be used for the purpose(s) identified in the notice to you prior to Personal Data collection or, otherwise, as permitted by applicable law. In the event you receive no specific prior notice, Personal Data may be used by Avaya for multiple (commercially) reasonable purposes, such as (to the extent permitted by applicable law):

to operate and maintain our Website;

to authenticate users of our Website (this includes conclusion of the contract and account registration);

to understand your needs and preferences and to assess your level of satisfaction with the Website;

to communicate with you about the Website;

to process payment for certain products and services you purchase on the Website

to access, store and analyze your information so that you may enjoy the Website;

to evaluate the performance and safety of our Website;

to prevent and detect fraud or misuse of the Website;

to maintain internal records;

to send marketing communications, whitepapers and newsletters;

to register for a seminar or webinar (or the like);

to participate in an online survey;

to register for membership programs;

to support recruitment inquiries;

to participate in discussion groups or forums;

to customize advertising and content;

to purchase products and / or services available on our Website;

to follow up on any questions and requests for assistance or information;

to comply with legal requirements;

to operate our business.

From What Sources Personal Data May Be collected?

Avaya will collect Personal Data from you directly, unless we state otherwise in the additional notice provided to you prior to your Personal Data collection – in such event such notice will supplement and prevail over this Website Privacy Statement. If you provide Avaya with any third party's Personal Data, you confirm that you have such third party's explicit permission to do so.

In What Way Personal Data May Be Processed?

Processing of Personal Data may include using, storing, recording, transferring, adapting, summarizing, amending, sharing, anonymizing and destroying Personal Data as necessary under the circumstances or as otherwise required by applicable law. Once you register with Avaya and / or use our Website, we will be processing some of your Personal Data.

For How Long Personal Data Will Be Retained?

We will retain and use your Personal Data as required to accomplish the purposes for which it was collected or as necessary to resolve disputes, enforce contracts and / or comply with our legal obligations.

Security of Personal Data

The security of your Personal Data is very important to us and we take it seriously. Avaya has implemented and will maintain technical and organizational security measures that are appropriate with respect to the nature of Personal Data which is collected and processed through this Website. Avaya will ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of natural persons.

Sharing of Personal Data

Within Avaya

Information collected via this Website may be shared with Avaya affiliates / subsidiaries for the purposes identified in this Website Privacy Statement. To ensure such transfers of Personal Data within Avaya affiliates / subsidiaries are safeguarded legally, Avaya will comply with applicable legislation on international data transfers and implement the appropriate safeguards to enable such transfers, such as Binding Corporate Rules.

With External Sub-processors

We may disclose your Personal Data (identified under Sub-Section titled ”What Categories of Personal Data May Be Collected Through the Website?”)to our sub-processors (sub-contractors) who assist us in making this Website (or services within the Website) available to you. Our sub-processors (sub-contractors) will only use your Personal Data to the extent necessary to perform their functions specified in the respective agreements.

Specific Disclosure Rules

Avaya may also disclose certain Personal Data to third parties in other special instances, including: (i) as required to do so by law, such as to comply with a court order or similar legal process; (ii) when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others or defend against legal claims; (iii) for the purposes of prevention of fraud or other crime; (iv) in connection with or during negotiation of any merger, acquisition, sale of all or a portion of our assets, financing, liquidation, reorganization; and (v) in aggregated and / or anonymized form which can no longer be used to identify you.

International Data Transfers

Information that you submit to us via the Website may be transferred to countries outside your country / region. By way of example, this may happen if you are a resident of the European Economic Area (“EEA”) and one or more of our servers are from time to time located in a country outside the EEA or one of our service providers is in a country outside the EEA. If you make a contact with any business featured on our Website, your details may be transferred outside the EEA. If we transfer your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected.

Internal transfers of Personal Data between Avaya affiliates / subsidiaries will be governed by Avaya Binding Corporate Rules. If Avaya transfers Personal Data originating from the EEA to third party sub-processors (i.e., Avaya sub-contractors that are not Avaya affiliates / subsidiaries) located in countries outside the EEA that have not received a binding adequacy decision by the European Commission, such transfers shall comply with appropriate transfer mechanisms that provide an adequate level of protection in compliance with GDPR.

For Personal Data originating outside of the EEA, Avaya will also implement appropriate safeguards to protect such data adequately and comply with applicable privacy legislation.

Data Breach Notification

We employ stringent security standards with a view to protecting your Personal Data. Depending on the jurisdiction applicable, we may be obliged by law to inform you and / or relevant data protection authorities about breaches of security in our IT network which may affect your Personal Data. Where legally required and possible, we will notify you (e.g., by sending an email, or otherwise contacting you) and / or display a notice on our Website in case of such a breach.

Cookies and Other Similar Technologies

Information obtained from cookies and other similar technologies is used for better understanding and improving the effectiveness, performance, and usability of the Website and help tailor content for you on our Website. "Cookies" are small files that our Website places on user’s device internet browser for identification purposes. Cookies are used to better serve the visitor when he returns to the website which has implemented them (note that cookies cannot read data of user’s device hard drive). For more information regarding cookies and other tracking technologies that may be used on the Website please review the Avaya Website Cookie Statement.

Data Subject’s Rights

Applicable to All Data Subjects

To access and use our Website we may request Personal Data from you. If you do not submit the requested Personal Data, you may not have access to certain parts of the Website and / or may not use the concerned services available on the Website.

Depending on the applicable data protection laws, you may have various rights, such as: right of access, right to rectification, restriction of processing, right to erasure (“right to be forgotten”), right to data portability, object to the processing, right not to be subject to an automated individual decision making, etc. When implementing your rights please note that we may request specific information from you to enable us to confirm your identity so we could fulfil your rights. Please also note that your rights are not absolute and might be subject to certain limitations prescribed by law. Also, your Personal Data may be destroyed, erased or made anonymous in accordance with our obligations or practices.

Where your consent was required for our collection, use or disclosure of your Personal Data, you may at any time withdraw your consent without affecting the lawfulness of processing based on such consent before its withdrawal. All communications with respect to such withdrawal or variation of consent should be in writing.

Additional Information to California Residents (Consumers)

California Consumer Privacy Act(“CCPA”) is a new law in California, which provides a robust and coherent statutory framework for the protection of “Personal Information” (i.e., any information relating to an identified or identifiable natural person or household – California resident (“Consumer”). CCPA marks a paradigm shift in how companies handle and protect Personal Information by giving Consumers control and very strong rights over their Personal Information.

Categories of Personal Information. For the summary of the main categories of Personal Information we collect from Consumers see the sub-section titled “What Categories of Personal Data May Be Collected Through the Website?” above.

Purposes and sources of collecting of Personal Information. Regarding the sources from which we collect the foregoing Personal Information and the business purpose for which the Personal Information is collected, please see the sub-sections titled “For What Purposes May Personal Data Be Collected Through the Website?” and “From What Sources Personal Data May Be collected?” above.

Sharing Personal Information with third parties. Concerning the categories of third parties with whom we share Consumers’ Personal Information, please see section titled “Sharing of Personal Data” above. To achieve our business purposes, in the past 12 months we have disclosed Personal Information (listed above) to the third parties.

Avaya does not sell Personal Information. In the preceding 12 months term Avaya has not sold Personal Information collected about the Consumers on the Website to the third parties.

Consumer Rights. Subject to certain legal limitations and applicable exceptions set forth by CCPA, the Consumers may exercise the following rights (i) by using a self-serve tools embedded within their Avaya account(s) accessible via the Website; (ii) by populating this web-form, (iii) by emailing us at dataprivacy@avaya.com, or (iv) by calling a toll-free telephone number +1-800-213-9919 and leaving a voice mail.

Right to know. Customer has the right to request information about (i) the categories of Personal Information Avaya has collected about Consumer, (ii) the categories of sources from which Consumer’s Personal Information has been collected, (iii) the business or commercial purpose(s) for collecting Consumer’s Personal Information, (iii) the categories of third parties with whom Avaya has shared Consumer’s Personal Information (“Categories Report”). Consumer may also request information about the specific pieces of Personal Information Avaya has collected about the Consumer (“Specific Pieces Report”);

Right to Delete. Consumer has the right to request that we delete Personal information that we have collected from him.

In accordance with applicable law, we will not discriminate such Consumer in terms of providing equal price and/or services available on the Website in comparison to the other Consumers who have not exercised their rights.

Verification. For Avaya to successfully implement Consumer’s rights, the company will need to obtain certain information to locate the Consumer in its records and verify his identity depending on the nature of the request. In the request to Avaya the Consumer is required (i) to describe the scope of his (legal) relationship with Avaya; (ii) to identify which exact right Consumer wants to exercise and why; (iii) to provide name and contact information, such as phone number, residential address, email address. In addition, after the initial assessment of Consumer’s request, Avaya may ask Consumer for a signed declaration, under penalty of perjury, that Consumer is who he says. Avaya will use the foregoing information only for the purpose of verifying Consumer’s identity and fulfilling his legitimate request(s).

Timing. Avaya will use commercially reasonable efforts to address each Consumer’s request within 45 days following successful verification of Consumer’s identity (unless additional 45 days extension might be required in certain special cases allowed by CCPA - in such event Avaya will notify the Consumer without undue delay).

Linked External Content

Avaya may include selected links, content or resources (collectively the “Content”) within our Website. Avaya regularly checks the Content before linking it, but we do not have control over the Content. Avaya is, therefore, not responsible for the Content and encourages you to review those third-party privacy policies when accessing the Content.

Forums and Chat Rooms

If you participate in Avaya-run discussion forums or contact our support service via a chat service online interface or email, we will ask you for additional information (which may include your Personal Data) such as your forum moniker, name, e-mail, phone number, company you represent, the device you are using or the technical issue you are experiencing, etc. Avaya stores such content to run the forums, chat rooms and to process your query. Please note that content you post in public forums and / or chat rooms is open for anyone to see and Avaya is not responsible for the Personal Data or any other information you choose to submit in these forums / chat rooms.

Children’s Privacy

Avaya is sensitive to the protection of the interests of children, but at the same time we believe that parents have the ultimate responsibility to supervise their children's online activities. We urge parents to discuss the online release and protection of Personal Data with their children. Whenever we request Personal Data from a child, we will also ask for a parent's e-mail address so that we can notify the parent that we have received Personal Data from the child. Parents may have the right to review Personal Data we have collected from their child by following the procedures for data access set out in the "Data Subject’s Rights​" section of this Website Privacy Statement.

Tell a Friend

If you choose to use our referral service to tell a friend about our Website, you represent that you have the third party's permission to do so. In turn, we will ask you for your friend's name along with an e-mail address or other relevant information and automatically send your friend a one-time e-mail inviting him or her to visit the Website.

Selecting Your Communication Preferences

You can tell us not to contact you with updates and information regarding our solutions either at the point such information is collected, (by checking or un-checking (as directed) the relevant box) or, where you do not wish us to continue to use your information in this way, by following the unsubscribe instructions on any communications sent to you. If you need help with exercising this right, please contact Avaya Privacy Office at dataprivacy@avaya.com. Please be sure to include your name, email address, and specific, relevant information about the material you no longer wish to receive.

Dispute Resolution

If you have a complaint about privacy practices at Avaya, please contact Avaya Global Privacy Office (either by email at dataprivacy@avaya.com or by postal mail at Avaya Global Privacy Office, Avaya UK, Building 1000, Cathedral Square, Cathedral Hill, Guildford, Surrey GU2 7YL, United Kingdom), which will take reasonable endeavors to work with you to attempt to resolve your complaint. You may also lodge a complaint with respective supervisory authority (you can find contact details of your local data protection supervisory authorities within the European Union here) and / or bring proceedings before a court of competent jurisdiction in accordance with the applicable data protection laws. Please review our Binding Corporate Rules Policies for detailed information regarding complaint-handling procedure at Avaya.

Website Privacy Statement Update Procedure

We reserve the right to amend or change this Website Privacy Statement at any time, so please review it frequently. If we change this Website Privacy Statement, we will post the revised version, with an updated revision date. By continuing to use our Website after such revisions are in effect, you accept and agree to the revisions.

Interpretation of This Website Privacy Statement

Any interpretation of this Website Privacy Statement will be done by the Avaya Global Privacy Officer. This Website Privacy Statement does not create or confer upon any individual any rights or impose upon Avaya any obligations outside of, or in addition to, any rights or obligations imposed by the privacy laws applicable to such individual's Personal Data. Should there be, in a specific case, any inconsistency between this Website Privacy Statement and such privacy laws, this Website Privacy Statement shall be interpreted to comply with such privacy laws.

Further Information and Contact Details of Avaya Privacy Officers

If you have any questions about this Website Privacy Statement or concerns about how we manage your Personal Data collected through the Website, please contact the Avaya Global Privacy Officers at dataprivacy@avaya.com or by postal mail to Avaya UK, Building 1000, Cathedral Square, Cathedral Hill, Guildford, Surrey GU2 7YL, United Kingdom or Avaya Deutschland GmbH, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

[1] For more information about these entities, please go to the regulatory pages of each country.